This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
services:quay.ceph.io [2020/06/02 14:33] djgalloway created |
services:quay.ceph.io [2024/03/04 21:29] (current) zmc |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== quay.ceph.io ====== | ====== quay.ceph.io ====== | ||
- | ===== Summary ===== | + | ===== Pulling from quay.ceph.io ===== |
+ | In Quay's web UI, in the "Pull this container with the following Podman command:" fields, you'll see commands like this: | ||
+ | |||
+ | ''podman pull quay-quay-quay.apps.os.sepia.ceph.com/ceph-ci/ceph'' | ||
+ | |||
+ | These will work just fine when connected to the Sepia VPN. A public endpoint is available at ''quay.ceph.io'', so you may pull images without the VPN like so: | ||
+ | |||
+ | ''podman pull quay.ceph.io/ceph-ci/ceph'' | ||
+ | |||
+ | ===== Operations Summary ===== | ||
This is a VM in [[services:RHEV]] that was created because quay.io was having lots of issues the week of 25MAY2020 which broke the lab (https://tracker.ceph.com/issues/45343). | This is a VM in [[services:RHEV]] that was created because quay.io was having lots of issues the week of 25MAY2020 which broke the lab (https://tracker.ceph.com/issues/45343). | ||
SSH only listens on the front interface at quay.front.sepia.ceph.com. | SSH only listens on the front interface at quay.front.sepia.ceph.com. | ||
- | Due to the potentially large number of container images we'd be storing, I opted to use the [[services:longrunningcluster]]. | + | Due to the potentially large number of container images we'd be storing, I opted to use the [[services:longrunningcluster]] which is mounted at ''/lrc''. |
I just chose quay because it was the same software/tool that was already in use. Figured it'd be easy to just ''s/quay.io/quay.ceph.io'' wherever needed. | I just chose quay because it was the same software/tool that was already in use. Figured it'd be easy to just ''s/quay.io/quay.ceph.io'' wherever needed. | ||
- | Passwords are in ''magna001.ceph.redhat.com:/root/secrets'' | + | Passwords are in ''magna001.ceph.redhat.com:/root/secrets''. I reused the same username (Dan's), password, and repo name so using the new registry would be plug-n-play with our CI. |
+ | |||
+ | I had some trouble getting the containers to communicate with one another. The Quay docs don't cover setting up the ''br_netfilter'' kernel module or firewall rules so I wrote https://access.redhat.com/solutions/5254621. | ||
===== Setup Commands ===== | ===== Setup Commands ===== | ||
+ | From dmick, 3Nov22: apparently this has changed a bit; it looks like the client.container auth doesn't exist anymore; rather, client.admin is used. Also, the cluster path is /containers/quay | ||
<code> | <code> | ||
## On reesi001 | ## On reesi001 | ||
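Review bot: The sentence added to the "Passwords are in" line documents reusing the same username (a personal one, Dan's), password and repo name on the new registry, so a single leaked credential is valid against both the old and the new registry and cannot be rotated on one without breaking the other. A dedicated robot account with its own token for quay.ceph.io would keep the CI change to a hostname-plus-secret swap while separating the two. Separately, the dmick note added above the code block says client.container no longer exists and the cluster path is /containers/quay, while the sentence added earlier says the cluster is mounted at ''/lrc''. It would be clearer to update the commands themselves and say which path is the CephFS path and which is the local mount point.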
Line 28: | Line 40: | ||
# Then I just followed https://access.redhat.com/documentation/en-us/red_hat_quay/3.3/html/deploy_red_hat_quay_-_basic/preparing_for_red_hat_quay_basic | # Then I just followed https://access.redhat.com/documentation/en-us/red_hat_quay/3.3/html/deploy_red_hat_quay_-_basic/preparing_for_red_hat_quay_basic | ||
+ | </code> | ||
+ | |||
+ | |||
+ | |||
+ | ===== Letsencrypt ===== | ||
+ | Since the quay container listens on port 80 and 443, we have to temporarily stop it to renew the cert. To avoid doing this too frequently, I have it done on the first Saturday of even-numbered months early in the morning when traffic should be minimal. | ||
+ | |||
+ | <code> | ||
+ | [root@quay ~]# crontab -l | ||
+ | # On the first Saturday of Feb,Apr,Jun,Aug,Oct,Dec, renew quay cert | ||
+ | 0 4 * 2,4,6,8,10,12 6 [ $(date +\%d) -le 06 ] && /root/bin/quay-cert-renew.sh | ||
+ | |||
+ | [root@quay ~]# cat /root/bin/quay-cert-renew.sh | ||
+ | #!/bin/bash | ||
+ | for container in $(docker ps | grep "quay\.io" | awk '{ print $1 }'); do docker stop $container; done | ||
+ | certbot renew | ||
+ | docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 --privileged=true -v /etc/quay:/conf/stack:Z -v /lrc:/datastorage/registry:Z -d quay.io/redhat/quay:v3.3.0 | ||
</code> | </code> |
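Review bot: The guard in the added crontab line, "[ $(date +\%d) -le 06 ]", does not cover every first Saturday: when a month begins on a Sunday the first Saturday is the 7th, so the renewal is skipped and the gap to the next run becomes four months, longer than a Let's Encrypt certificate's lifetime. Use "-le 7" instead. In quay-cert-renew.sh, "docker stop" leaves the old container in place and "docker run --restart=always" creates a new one on every renewal, so stopped containers accumulate and will all try to bind ports 80 and 443 when the Docker daemon next restarts. Either restart the existing container after "certbot renew" or remove the old one before the "docker run".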